Cracking Postgres Password Hashes with MDCrack

As far as I’m aware there aren’t many good password crackers around for PostgreSQL database password hashes. Here are a few notes on how to crack Postgres password hashes quickly using MDCrack. Even though MDCrack is a Windows program, it works well enough under WINE for our purposes. Linux users can therefore benefit from its impressive cracking speeds.

Where are the Hashes Kept?

Postgres keeps MD5-based password hashes for database-level users in the pg_shadow table. You need to be the database superuser (usually called “postgres” or “pgsql”) to read this table. First log into the database. If you’ve gained local access to the Postgres server (e.g. via SSH), you’ll probably find that you don’t need a password to log in. You will need a username and the name of a database, though. The database “template1” always exists: